[Emerging-updates] Daily Update Summary 21/1/11

Matthew Jonkman jonkman at emergingthreatspro.com
Fri Jan 21 15:44:01 EST 2011

The Pro ruleset has seen a massive amount of change in this update. Mostly classtyping updates and performance updates. I've removed the modifications for brevity. Full logs are available in the changelogs dir on the rules update servers!

An RBN update is out as well, so please update if you're running those rules!

[+++]          Added rules:          [+++]

 2012204 - ET SCAN Modified Sipvicious Sundayddr Scanner (scan.rules)
 2012205 - ET WEB_CLIENT Possible Malicious String.fromCharCode with charCodeAt String (web_client.rules)
 2012206 - ET ACTIVEX Novell iPrint ActiveX GetDriverSettings Remote Code Execution Attempt (activex.rules)
 2012207 - ET CURRENT_EVENTS Possible Twitter Worm Attack (current_events.rules)
 2012208 - ET CURRENT_EVENTS FAKEAV CryptMEN pack.exe Payload Download (current_events.rules)
 2012209 - ET CURRENT_EVENTS m28sx twitter worm redirect access (current_events.rules)
 2012210 - ET CURRENT_EVENTS DNS Lookup of Twitter m28sx Worm (current_events.rules)
 2012211 - ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter SELECT FROM SQL Injection Attempt (web_specific_apps.rules)
 2012212 - ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter DELETE FROM SQL Injection Attempt (web_specific_apps.rules)
 2012213 - ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter UNION SELECT SQL Injection Attempt (web_specific_apps.rules)
 2012214 - ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter INSERT INTO SQL Injection Attempt (web_specific_apps.rules)
 2012215 - ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter UPDATE SET SQL Injection Attempt (web_specific_apps.rules)
 2012216 - ET WEB_SPECIFIC_APPS B-Cumulus tagcloud.swf Cross Site Scripting Attempt (web_specific_apps.rules)
 2012217 - ET WEB_SPECIFIC_APPS LetoDMS lang Parameter Local File Inclusion Attempt (web_specific_apps.rules)
 2012218 - ET ACTIVEX Possible UserManager SelectServer method Buffer Overflow Attempt (activex.rules)
 2012219 - ET WEB_SPECIFIC_APPS BetMore Site Suite mainx_a.php bid Paramter Blind SQL Injection Attempt (web_specific_apps.rules)
 2012220 - ET WEB_SPECIFIC_APPS B-Cumulus tagcloud-ru.swf Cross Site Scripting Attempt (web_specific_apps.rules)
 2800536 - ETPRO WEB_SERVER Sun Java System Web Server WEBDAV Stack Buffer Overflow COPY (web_server.rules)


Matthew Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205

PGP: http://www.jonkmans.com/mattjonkman.asc
